Security
How SkillSafe protects the supply chain for AI coding tool skills.
Security Model
SkillSafe is designed to protect against supply-chain attacks on AI coding tool skills. The security model has three pillars:
Content Integrity
Every file is hashed with SHA-256. The tree hash is then computed over the sorted file paths together with their per-file hashes. The result is tamper-evident: if a single byte in any file changes, or a file is added, removed or renamed, the tree hash changes.
Dual-Side Verification
Publishers scan the skill and upload the resulting report alongside the archive. Consumers independently re-scan the archive after download. The server compares the two reports and returns a verdict.
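The two pillars above, content integrity and dual-side verification, can be illustrated with a small worked example. This is added illustration code, not SkillSafe's own implementation: the page does not specify how paths and hashes are serialized before the tree hash is computed, so the "path NUL hex newline" layout below is an assumption, and the sample skill files are constructed for the example.

```python
import hashlib
from typing import Dict, List, Tuple

# Constructed sample skill (path -> file bytes); not a real SkillSafe package.
SAMPLE_SKILL: Dict[str, bytes] = {
    "SKILL.md": b"# Example skill\nDescribes what the skill does.\n",
    "scripts/run.sh": b"#!/bin/sh\necho hello\n",
    "README.md": b"Read me.\n",
}


def file_hashes(files: Dict[str, bytes]) -> Dict[str, str]:
    """SHA-256 of every file's content, keyed by its path."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def tree_hash(hashes: Dict[str, str]) -> str:
    """Hash over the sorted (path, file hash) pairs.

    Assumed serialization: one "<path>\\0<hex digest>\\n" record per file,
    paths sorted bytewise. Sorting makes the result independent of the
    order in which files were listed; including the path means a rename
    changes the tree hash even if the content does not.
    """
    h = hashlib.sha256()
    for path in sorted(hashes):
        h.update(path.encode("utf-8") + b"\0" + hashes[path].encode("ascii") + b"\n")
    return h.hexdigest()


def scan(files: Dict[str, bytes]) -> Dict[str, object]:
    """The report a publisher uploads, and that a consumer recomputes after download."""
    hashes = file_hashes(files)
    return {"files": hashes, "tree_hash": tree_hash(hashes)}


def verdict(publisher_report: Dict[str, object],
            consumer_report: Dict[str, object]) -> Tuple[str, List[str]]:
    """Server-side comparison: 'match' with no changed paths, or 'mismatch'
    with the sorted list of paths whose hashes differ (including files that
    exist on only one side)."""
    if publisher_report["tree_hash"] == consumer_report["tree_hash"]:
        return ("match", [])
    pub: Dict[str, str] = publisher_report["files"]  # type: ignore[assignment]
    con: Dict[str, str] = consumer_report["files"]   # type: ignore[assignment]
    changed = sorted(p for p in pub.keys() | con.keys() if pub.get(p) != con.get(p))
    return ("mismatch", changed)


if __name__ == "__main__":
    published = scan(SAMPLE_SKILL)
    # Simulate a one-byte modification of the archive in transit.
    tampered = dict(SAMPLE_SKILL)
    tampered["scripts/run.sh"] = b"#!/bin/sh\necho hellO\n"
    print("publisher tree hash:", published["tree_hash"])
    print("consumer  tree hash:", scan(tampered)["tree_hash"])
    print("verdict:", verdict(published, scan(tampered)))
```

Running the script prints two different tree hashes and a mismatch verdict naming `scripts/run.sh`. Note that per-file hashes are kept in the report alongside the tree hash: the tree hash alone is enough to detect tampering, but the per-file list lets the server say which path changed.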
Zero-Knowledge Vault
Personal data is encrypted client-side with AES-256-GCM before upload. The server stores only ciphertext. The encryption key never leaves your device.
Advisories
No security advisories have been published.
Responsible Disclosure
If you discover a security vulnerability, please report it responsibly:
security@skillsafe.ai

We acknowledge reports within 48 hours and aim to fix critical issues within 7 days. We do not pursue legal action against researchers acting in good faith.